Fundamentals

Around Christmas I bought myself a brand new shiny iPhone 3GS which currently running OS version 3.1.3 (7E18), Carrier O2 5.1. I have decided to use this phone within this project which requires a few tests and a little hacking. To begin, access to the file system must be granted. To do this, the phone is jailbroken and a number of tools are installed to enable remote SSH access for ease during the project.

Until recently, @geohot‘s blackra1n only offered an tethered jailbreak for the iPhone. This meant that if the phone died or was switched off, it was necessary to hook up the phone to a system which could run blackra1n to inject the exploit code again. Luckily for me, an untethered jailbreak was released which eased the process. This application is called Spirit and is a quick plug-in and click job. It is important to note that this application doesn’t offer any carrier unlock but as I’m already on O2 this is fine.

Once unlocked, Cydia (a package management application) is upgraded and installed. Using this we can install OpenSSH as per http://www.hackthatphone.com/2x/open_ssh.html. This allowed me open an SSH connection to the iPhone from Terminal.app thus gaining access to the filesystem.

As a side note, there are two usable accounts on all iPhones by default. Inspecting the /etc/passwd file shows:

root:*:0:0:System Administrator:/var/root:/bin/sh

mobile:*:501:501:Mobile User:/var/mobile:/bin/sh

Note, the root password by default is “alpine” and is used as the system administrator account. The mobile account is used for standard usage (launching applications from the UI etc) and can be accessed via SSH or by logging in as root and issuing “su — mobile” on the command line. If logged in as the mobile user, use “login -pf root” to become root.

At this point, I played around with the filesystem and explored the various commands available. Being familiar with BSD 4.4 FS (Thank you FreeBSD!) and Darwin (Thank you Macbook), a lot of the basic commands were missing: ps, man, netstat, text editor, etc. Exploring Cydia, I found some of these tools were easily downloadable.

Navigation

Alan Neville

Alan Neville, Bio

Dia Guit. My name is Alan Neville. I am currently sitting a Masters (MS.c) programme in Dublin City University (DCU) focused around Security and Forensics in Computing. This blog has been created to host various bits and pieces I come across in relation to my thesis.